summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/ghostscript/ghostscript_9.25.bb
AgeCommit message (Collapse)Author
2018-12-01ghostscript: 9.25 -> 9.26Hongxu Jia
- Drop backported CVE fixes 000[1-8]*.patch Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-11-06ghostscript: fix CVE-2018-18284Hongxu Jia
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-11-06ghostscript: fix CVE-2018-18073Hongxu Jia
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-11-06ghostscript: fix CVE-2018-17961Hongxu Jia
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183. Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-09-20ghostscript: upgrade to 9.25Jagadeesh Krishnanjanappa
Removed below patches, as v9.25 source already has those changes/security fixes: 0001-Bug-699665-memory-corruption-in-aesdecode.patch 0001-pdfwrite-Guard-against-trying-to-output-an-infinite-.patch 0002-Bug-699656-Handle-LockDistillerParams-not-being-a-bo.patch 0003-Fix-Bug-699660-shading_param-incomplete-type-checkin.patch 0004-Hide-the-.shfill-operator.patch 0005-Bug-699657-properly-apply-file-permissions-to-.tempf.patch remove-direct-symlink.patch Re-worked ghostscript-9.21-native-fix-disable-system-libtiff.patch and ghostscript-9.21-prevent_recompiling.patch to fix warnings in do_patch task of ghostscript v9.25 recipe. Highlights of ghostscript v9.25 release: --------------------------------------- - This release fixes problems with argument handling, some unintended results of the security fixes to the SAFER file access restrictions (specifically accessing ICC profile files), and some additional security issues over the recent 9.24 release. - Note: The ps2epsi utility does not, and cannot call Ghostscript with the -dSAFER command line option. It should never be called with input from untrusted sources. - Security issues have been the primary focus of this release, including solving several (well publicised) real and potential exploits. - As well as Ghostscript itself, jbig2dec has had a significant amount of work improving its robustness in the face of out specification files. - IMPORTANT: We are in the process of forking LittleCMS. LCMS2 is not thread safe, and cannot be made thread safe without breaking the ABI. Our fork will be thread safe, and include performance enhancements (these changes have all be been offered and rejected upstream). We will maintain compatibility between Ghostscript and LCMS2 for a time, but not in perpetuity. Our fork will be available as its own package separately from Ghostscript (and MuPDF). - The usual round of bug fixes, compatibility changes, and incremental improvements. Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-13 00:34:04 +0000